idnits 2.17.00 (12 Aug 2021) /tmp/idnits26457/draft-thubert-6lo-rfc6775-update-reqs-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 2) being 60 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 2 instances of too long lines in the document, the longest one being 2 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 19, 2014) is 2832 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC3775' is defined on line 595, but no explicit reference was found in the text == Unused Reference: 'RFC4291' is defined on line 598, but no explicit reference was found in the text == Unused Reference: 'RFC4443' is defined on line 604, but no explicit reference was found in the text == Unused Reference: 'I-D.hong-6lo-ipv6-over-nfc' is defined on line 653, but no explicit reference was found in the text == Unused Reference: 'I-D.ietf-6tisch-terminology' is defined on line 676, but no explicit reference was found in the text == Unused Reference: 'I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks' is defined on line 692, but no explicit reference was found in the text == Unused Reference: 'RFC3963' is defined on line 698, but no explicit reference was found in the text == Unused Reference: 'RFC4389' is defined on line 708, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 3775 (Obsoleted by RFC 6275) ** Downref: Normative reference to an Experimental RFC: RFC 6830 == Outdated reference: A later version (-07) exists of draft-chakrabarti-nordmark-6man-efficient-nd-04 == Outdated reference: A later version (-03) exists of draft-hong-6lo-ipv6-over-nfc-01 == Outdated reference: draft-ietf-6lo-btle has been published as RFC 7668 == Outdated reference: draft-ietf-6tisch-architecture has been published as RFC 9030 == Outdated reference: A later version (-10) exists of draft-ietf-6tisch-terminology-00 == Outdated reference: draft-ietf-roll-terminology has been published as RFC 7102 Summary: 4 errors (**), 0 flaws (~~), 16 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 6Lo P. Thubert, Ed. 3 Internet-Draft cisco 4 Intended status: Standards Track August 19, 2014 5 Expires: February 18, 2015 7 Requirements for an update to 6LoWPAN ND 8 draft-thubert-6lo-rfc6775-update-reqs-02 10 Abstract 12 Work presented at the 6lo, 6TiSCH and 6MAN working groups suggest 13 that enhancements to the 6LoWPAN ND mechanism. This document 14 elaborates on such requirements. 16 Status of this Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on February 18, 2015. 33 Copyright Notice 35 Copyright (c) 2014 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents (http://trustee.ietf.org/ 40 license-info) in effect on the date of publication of this document. 41 Please review these documents carefully, as they describe your rights 42 and restrictions with respect to this document. Code Components 43 extracted from this document must include Simplified BSD License text 44 as described in Section 4.e of the Trust Legal Provisions and are 45 provided without warranty as described in the Simplified BSD License. 47 Table of Contents 49 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 50 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 51 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 3.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . . . . 5 53 3.2. registration Failures Due to Movement . . . . . . . . . . 6 54 3.3. Proxy registration . . . . . . . . . . . . . . . . . . . . 6 55 3.4. Target Registration . . . . . . . . . . . . . . . . . . . 6 56 3.5. RPL root vs. 6LBR . . . . . . . . . . . . . . . . . . . . 7 57 3.6. Securing the Registration . . . . . . . . . . . . . . . . 7 58 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 8 59 4.1. Requirements Related to Mobility . . . . . . . . . . . . . 8 60 4.2. Requirements Related to Routing Protocols . . . . . . . . 8 61 4.3. Requirements Related to the Variety of Low-Power Link types 9 62 4.4. Requirements Related to Proxy Operations . . . . . . . . . 9 63 4.5. Requirements Related to Security . . . . . . . . . . . . . 10 64 4.6. Requirements Related to Low-Power devices . . . . . . . . 10 65 5. Suggested Changes to Protocol Elements . . . . . . . . . . . . 10 66 5.1. ND Neighbor Solicitation (NS) . . . . . . . . . . . . . . 10 67 5.2. ND Router Advertisement (RA) . . . . . . . . . . . . . . . 10 68 5.3. RPL DODAG Information Object (DIO) . . . . . . . . . . . . 11 69 5.4. ND Enhanced Address Registration Option (EARO) . . . . . . 11 70 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 71 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 72 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 12 73 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 74 9.1. Normative References . . . . . . . . . . . . . . . . . . . 12 75 9.2. Informative References . . . . . . . . . . . . . . . . . . 13 76 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 78 1. Introduction 80 A number of use cases, including the Industrial Internet, require a 81 large scale deployment of sensors that can not be realized with wires 82 and is only feasible over wireless Low power and Lossy Network (LLN) 83 technologies. When simpler hub-and-spoke topologies are not 84 sufficient for the expected throughput and density, mesh networks 85 must be deployed, which implies the concepts of hosts and routers, 86 whether operated at Layer-2 or Layer-3. 88 The IETF has designed the LLN host-to-router and router-to-router 89 protocol that supports address assignment and the router-to-router 90 protocol that supports reachability across Route-Over LLNs in 91 different Areas. It was clear for both efforts that the scalability 92 requirements could only be met with IPv6 [RFC2460], and there is no 93 fundamental contradiction between those protocols to that regard. 95 While DHCPv6 is still a viable option in LLNs, the new IETF standard 96 that supports address assignment specifically for LLNs is 6LoWPAN ND, 97 the Neighbor Discovery Optimization for Low-power and Lossy Networks 98 [RFC6775]. 6LoWPAN ND was designed as a stand-alone mechanism 99 separately from its IETF routing counterpart, the IPv6 Routing 100 Protocol for Low power and Lossy Networks [RFC6550] (RPL), and the 101 interaction between the 2 protocols was not defined. 103 The 6TiSCH WG is now considering an architecture [I-D.ietf-6tisch- 104 architecture] whereby a 6LowPAN ND host could connect to the Internet 105 via a RPL Network, but this requires additions to the protocol to 106 support mobility and reachability in a secured and manageable 107 environment. 109 At the same time, new work at 6MAN on Efficiency aware IPv6 Neighbor 110 Discovery Optimizations [I-D.chakrabarti-nordmark-6man-efficient-nd] 111 suggests that 6LoWPAN ND can be extended to other types of networks 112 on top of the Low power and Lossy Networks (LLNs) for which it was 113 already defined. The value of such extension is especially apparent 114 in the case of mobile wireless devices, to reduce the multicast 115 operations that are related to classical ND ([RFC4861], [RFC4862]) 116 and plague the wireless medium. In this context also, there is a 117 need for additions to the protocol. 119 The"Optimistic Duplicate Address Detection" [RFC4429](ODAD) 120 specification details how an address can be used before a Duplicate 121 Address Detection (DAD) is complete, and insists that an address that 122 is TENTATIVE should not be associated to a Source Link-Layer Address 123 Option in a Neighbor Solicitation message. As we expect the 6LoWPAN 124 ND protocol for a more general use, it can make sense to keep 125 respecting that rule, which is another change to the specification. 127 This document proposes a limited evolution to [RFC6775] so as to 128 allow operation of a 6LoWPAN ND node as a leaf to a RPL network, and 129 enable a more generalized use of the formats therein outside of the 130 strict LLN domain. 132 2. Terminology 134 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 135 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 136 document are to be interpreted as described in [RFC2119]. 138 Readers are expected to be familiar with all the terms and concepts 139 that are discussed in "Neighbor Discovery for IP version 6" 140 [RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862], 141 "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): 142 Overview, Assumptions, Problem Statement, and Goals" [RFC4919], 143 Neighbor Discovery Optimization for Low-power and Lossy Networks 144 [RFC6775] and "Transmission of IPv6 Packets over IEEE 802.15.4 145 Networks" [RFC4944]. 147 Additionally, this document uses terminology from 6TiSCH [I-D.ietf- 148 6tisch-terminology] and ROLL [I-D.ietf-roll-terminology]. 150 3. Overview 152 The 6TiSCH architecture [I-D.ietf-6tisch-architecture] expects that 153 a 6LoWPAN device can connect as a leaf to a RPL network, where the 154 leaf support is the minimal functionality to connect as a host to a 155 RPL network without the need to participate to the full routing 156 protocol. The support of leaf can be implemented as a minor 157 increment to 6LoWPAN ND, with the additional capability to carry a 158 sequence number that is used to track the movements of the device, 159 and optionally some information about the RPL topology that this 160 device will join. 162 The scope of the 6TiSCH Architecture is a Backbone Link that 163 federates multiple LLNs as a single IPv6 Multi-Link Subnet. Each LLN 164 in the subnet is anchored at a Backbone Router (6BBR). The Backbone 165 Routers interconnect the LLNs over the Backbone Link and emulate that 166 the LLN nodes are present on the Backbone by proxy-ND operations. An 167 LLN node can move freely from an LLN Route-Over mesh anchored at a 168 Backbone Router to another anchored at same or a different Backbone 169 Router inside the Multi-Link Subnet and conserve its addresses. 171 ---+------------------------ 172 | Plant Network 173 | 174 +-----+ 175 | | Gateway 176 | | 177 +-----+ 178 | 179 | Backbone Link (with VLANs) 180 +--------------------+------------------+ 181 | | | 182 +-----+ +-----+ +-----+ 183 | | Backbone | | Backbone | | Backbone 184 | | router | | router | | router 185 +-----+ +-----+ +-----+ 186 | | | | | | 187 0 0 0 0 0 (6LBR == RPL root) 188 o o o o o o o o o o o o o o 189 o o o o o o o o o o (6LR == RPL router) 190 o o o o o o o z 191 o o o o o z 192 RPL Instances (6LoWPAN Host == RPL leaf) 194 The root of the RPL topology is logically separated from the 6BBR 195 that is used to connect the RPL topology to the backbone. Efficient 196 ND is a perfect interface for the RPL root to register the LLN node 197 in its topology to the 6BBR for proxy operations. It results that 198 the signalling would start at the leaf node with 6LoWPAN ND, then 199 would be carried over RPL to the RPL root, and then with Efficient-ND 200 to the 6BBR. Efficient ND being an adaptation of 6LoWPAN ND, it 201 makes sense to keep those two homogeneous in the way they use the 202 source and the target addresses in the Neighbor Solicitation (NS) 203 messages for registration, as well as in the options that they use 204 for that process. 206 6LoWPAN Node 6LR 6LBR 6BBR 207 (RPL leaf) (router) (root) 208 | | | | 209 | 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND 210 | LLN link |Route-Over mesh| IPv6 link | Backbone 211 | | | | 212 | NS(ARO) | | | 213 |-------------->| | | 214 | 6LoWPAN ND | DAR (then DAO)| | 215 | |-------------->| | 216 | | | NS(ARO) | 217 | | |-------------->| 218 | | | | DAD 219 | | | |------> 220 | | | | 221 | | | NA(ARO) | 222 | | |<--------------| 223 | | DAC | | 224 | |<--------------| | | 225 | NA(ARO) | | | 226 |<--------------| | | | 228 As the network builds up, a node should start as a leaf to join the 229 RPL network, and may later turn into a RPL router and eventually a 230 6LR as well, so as to accept leaf nodes to recursively join the 231 network. 233 3.1. RPL Leaf Support in 6LoWPAN ND 235 RPL needs a set of information in order to advertise a leaf node 236 through a DAO message and establish reachability. 238 At the bare minimum the leaf device must provide a sequence number 239 that matches the RPL specification in section 7. [I-D.chakrabarti- 240 nordmark-6man-efficient-nd] section "4.1. Address Registration 241 Option" (ARO) already incorporates that addition with a new field in 242 the option called the Transaction ID. 244 If for some reason the node is aware of RPL topologies, then 245 providing the RPL InstanceID for the instances to which the node 246 wishes to participate would be a welcome addition. In the absence of 247 such information, the RPL router must infer the proper instanceID 248 from external rules and policies. 250 On the backbone, the InstanceID is expected to be mapped onto a 251 VLANID. Neither WiFi nor Efficient ND do provide a mapping to 252 VLANIDs, and it is unclear, when a wireless node attaches to a 253 backbone where VLANs are defined, which VLAN the wireless device 254 attaches to. Considering that a VLAN is effectively the IP link on 255 the backbone, adding the InstanceID to both specifications could be a 256 welcome addition. 258 3.2. registration Failures Due to Movement 260 Registration to the 6LBR through DAR/DAC messages [RFC6775] may 261 percolate slowly through an LLN mesh, and it might happen that in the 262 meantime, the 6LoWPAN node moves and registers somewhere else. Both 263 RPL and 6LoWPAN ND lack the capability to indicate that the same node 264 is registered elsewhere, so as to invalidate states down the 265 deprecated path. 267 In its current expression and functionality, 6LoWPAN ND considers 268 that the registration is used for the purpose of DAD only as opposed 269 to that of achieving reachability, and as long as the same node 270 registers the IPv6 address, the protocol is functional. In order to 271 act as a RPL leaf registration protocol and achieve reachability, the 272 device must use the same TID for all its concurrent registrations, 273 and registrations with a past TID should be declined. The state for 274 an obsolete registration in the 6LR, as well as the RPL routers on 275 the way, should be invalidated. This can only be achieved with the 276 addition of a new Status in the DAC message, and a new error/clean-up 277 flow in RPL. 279 3.3. Proxy registration 281 The 6BBR provides the capability to defend an address that is owned 282 by a 6LoWPAN Node, and attract packets to that address, whether it is 283 done by proxying ND over a MultiLink Subnet, redistributing the 284 address in a routing protocol or advertising it through an alternate 285 proxy registration such as the Locator/ID Separation Protocol 286 [RFC6830] (LISP) or Mobility Support in IPv6 [RFC6275] (MIPv6). In a 287 LLN, it makes sense to piggyback the request to proxy/defend an 288 address with its registration. 290 3.4. Target Registration 291 In their current incarnations, both 6LoWPAN ND and Efficient ND 292 expect that the address being registered is the source of the NS(ARO) 293 message and thus impose that a Source Link-Layer Address (SLLA) 294 option be present in the message. In a mesh scenario where the 6LBR 295 is physically separated from the 6LoWPAN Node, the 6LBR does not own 296 the address being registered. This suggests that [I-D.chakrabarti- 297 nordmark-6man-efficient-nd] should evolve to register the Target of 298 the NS message as opposed to the Source Address. From another 299 perspective, it may happen, in the use case of a Star topology, that 300 the 6LR, 6LBR and 6BBR are effectively collapsed and should support 301 6LoWPAN ND clients. The convergence of efficient ND and 6LoWPAN ND 302 into a single protocol is thus highly desirable. 304 In any case, as long as the DAD process is not complete for the 305 address used as source of the packet, it is against the current 306 practice to advertise the SLLA, since this may corrupt the ND cache 307 of the destination node, as discussed in the Optimistic DAD 308 specification [RFC4429] with regards to the TENTATIVE state. 310 This may look like a chicken and an egg problem, but in fact 6LoWPAN 311 ND acknowledges that the Link-Local Address that is based on an 312 EUI-64 address of a LLN node may be autoconfigured without the need 313 for DAD. It results that a node could use that Address as source, 314 with an SSLA option in the message if required, to register any other 315 addresses, either Global or Unique-Local Addresses, which would be 316 indicated in the Target. 318 The suggested change is to register the target of the NS message, and 319 use Target Link-Layer Address (TLLA) in the NS as opposed to the SLLA 320 in order to install a Neighbor Cache Entry. This would apply to both 321 Efficient ND and 6LoWPAN ND in a very same manner, with the caveat 322 that depending on the nature of the link between the 6LBR and the 323 6BBR, the 6LBR may resort to classical ND or DHCPv6 to obtain the 324 address that it uses to source the NS registration messages, whether 325 for itself or on behalf of LLN nodes. 327 3.5. RPL root vs. 6LBR 329 6LoWPAN ND is unclear on how the 6LBR is discovered, and how the 330 liveliness of the 6LBR is asserted over time. On the other hand, the 331 discovery and liveliness of the RPL root are obtained through the RPL 332 protocol. 334 When 6LoWPAN ND is coupled with RPL, it makes sense to collocate the 335 6LBR functionality and that of the RPL root. The DAR/DAC exchange 336 becomes a preamble to the DAO messages that are used from then on to 337 reconfirm the registration, thus eliminating a duplication of 338 functionality between DAO and DAR messages. 340 3.6. Securing the Registration 341 A typical attack against IPv6 ND is address spoofing, whereby a rogue 342 node claims the IPv6 Address of another node in and hijacks its 343 traffic. 345 SEcure Neighbor Discovery (SEND) [RFC3971] is designed to protect 346 each individual ND lookup/advertisement in a peer to peer model where 347 each lookup may be between different parties. This is not the case 348 in a 6LoWPAN ND LLN where, as illustrated in Figure 2, the 6LBR 349 terminates all the flows and may store security information for later 350 validation. 352 Additionally SEND requires considerably enlarged ND messages to carry 353 cryptographic material, and requires that each protected address is 354 generated cryptographically, which implies the computation of a 355 different key for each Cryptographically Generated Address (CGA). 356 Once an Address is registered, the 6LBR maintains a state for that 357 Address and is in position to bind securely the first registration 358 with the Node that placed it, whether the Address is CGA or not. It 359 should thus be possible to protect the ownership of all the addresses 360 of a 6LoWPAN Node with a single key, and there should not be a need 361 to carry the cryptographic material more than once to the 6LBR. 363 4. Requirements 365 4.1. Requirements Related to Mobility 367 Due to the nature of LLN networks, even a fixed 6LoWPAN Node may 368 change its point of attachment (a 6LR) and may not be able to notify 369 the previous 6LR that it has disconnected. It results that the 370 previous 6LR may still attract traffic that it cannot deliver. When 371 the 6LR changes, there is thus a need to identify stale states and 372 restore reachability timely. 374 Upon a change of point of attachment, connectivity via a new 6LR MUST 375 be restored timely without the need to de-register from the previous 376 6LR. 378 For that purpose, the protocol MUST enable to differentiate multiple 379 registrations from a same 6LoWPAN Node from two different 6LoWPAN 380 Nodes claiming a same address. 382 This information MUST be passed from the 6LR to the 6LBR, and the 383 6LBR SHOULD be able to clean up the stale state asynchronously in the 384 previous 6LR. 386 A 6LoWPAN Node SHOULD also be capable to register a same Address to 387 multiple 6LRs, and this, concurrently. 389 4.2. Requirements Related to Routing Protocols 390 The point of attachment of a 6LoWPAN Node may be a 6LR in an LLN 391 mesh. An LLN route-over mesh is typically based on RPL, which is the 392 routing protocol that was defined at the IETF for this particular 393 purpose. It derives that in this scenario, the 6LR would classically 394 support RPL. One goal is that a 6LoWPAN Node attached via ND to a 395 RPL-capable 6LR would not need to participate to the RPL protocol to 396 obtain reachability via the 6LR. An additional goal would be to 397 obtain reachability via other routing protocols through a same ND- 398 based abstraction. 400 The ND registration method SHOULD be extended in such a fashion that 401 the 6LR MAY advertise the Address of a 6LoWPAN Node over RPL and 402 obtain reachability to that Address over the RPL domain. 404 The Address Registration Option used in the ND registration SHOULD be 405 extended to carry enough information to generate a DAO message as 406 specified in [RFC6550] section 6.4, in particular the capability to 407 compute a DAOSequence and, as an option, a RPLInstanceID. 409 Depending on their applicability to LLNs, other RPLInstanceID mesh/ 410 MANET protocols MAY be considered as well. 412 4.3. Requirements Related to the Variety of Low-Power Link types 414 6LoWPAN ND [RFC6775] was defined with a focus on IEEE802.15.4 and in 415 particular the capability to derive a unique Identifier from a 416 globally unique MAC-64 address. At this point, the 6lo Working Group 417 is extending the 6LoWPAN Header Compression (HC) [RFC6282] technique 418 to other link types ITU-T G.9959 [I-D.brandt-6man-lowpanz], Master- 419 Slave/Token-Passing [I-D.ietf-6man-6lobac], DECT Ultra Low Energy 420 [I-D.mariager-6lowpan-v6over-dect-ule], Near Field Communication [I-D 421 .hong-6lo-ipv6-over-nfc], as well as IEEE1901.2 Narrowband Powerline 422 Communication Networks [I-D.popa-6lo-6loplc-ipv6-over- 423 ieee19012-networks] and BLUETOOTH(R) Low Energy [I-D.ietf-6lo-btle]. 425 The support of the registration mechanism SHOULD be extended to more 426 LLN links, matching at least the links that are considered by 6lo as 427 well as other RPLInstanceID Low-Power links such as Low-Power Wi-Fi. 429 As part of this extension, a mechanism to compute a unique Identifier 430 should be provided, with the capability to form a Link-Local Address 431 that can not be a duplicate. The Identifier SHOULD be unique at 432 least to the domain where an Address formed by this device may be 433 advertised through ND mechanisms. 435 The Address Registration Option used in the ND registration SHOULD be 436 extended to carry the relevant forms of unique Identifier. 438 4.4. Requirements Related to Proxy Operations 440 The registration mechanism SHOULD enable a third party to proxy 441 register an Address on behalf of a 6LoWPAN node that may be sleeping 442 or located deeper in an LLN mesh. 444 4.5. Requirements Related to Security 446 In order to guarantee the operations of the 6LoWPAN ND flows, the 447 spoofing of the 6LR, 6LBR and 6BBRs roles should be avoided. Once a 448 node successfully registers an address, 6LoWPAN ND should provide the 449 means to protect that ownership even if the node is sleeping. In 450 particular, the 6LR and the 6LBR then should be able to verify 451 whether a subsequent registration for a same Address comes from a 452 same node or is a duplicate. 454 6LoWPAN ND SHOULD provide a mechanism for the 6LR, 6LBR and 6BBR to 455 authenticate and authorize one another for their respective roles, as 456 well as with the 6LoWPAN Node for the role of 6LR. 458 6LoWPAN ND SHOULD provide a mechanism for the 6LR and the 6LBR to 459 validate whether a new registration corresponds to a same 6LoWPAN 460 Node, and, if not, determine the rightful owner, and deny or clean-up 461 the registration that is deemed in excess. 463 4.6. Requirements Related to Low-Power devices 465 The ND registration method is designed to save energy on Low-Power 466 devices, and in particular enable duty-cycled devices that are 467 sleeping most of the time and not capable to defend their own 468 Addresses against always-on devices. 470 The registration mechanism SHOULD be applicable to a Low-Power device 471 regardless of the link type, and enable a 6BBR to operate as a proxy 472 to defend the registered Addresses on its behalf. 474 5. Suggested Changes to Protocol Elements 476 5.1. ND Neighbor Solicitation (NS) 478 The NS message used for registration should use a source address that 479 respects the rules in [RFC6775], [RFC4861], and [RFC4429] for DAD. 480 The SLLA Option may be present but only if the address passed DAD, 481 and it is used to allow the 6LR to respond as opposed to as a 482 registration mechanism. 484 The address that is being registered is the target address in the NS 485 message and the TLLA Option must be present. 487 5.2. ND Router Advertisement (RA) 489 [I-D.chakrabarti-nordmark-6man-efficient-nd] adds an 'E' bit in the 490 Router Advertisement flag, as well as a new Registrar Address Option 491 (RAO). These fields are probably pertinent to LLNs inclusion into a 492 revised 6LoWPAN ND should be studied. 494 There is some amount of duplication between the options in the RPL 495 DIO [RFC6550] and the options in the ND RA messages. At the same 496 time, there are a number of options, including the 6LoWPAN Context 497 Option (6CO) [RFC6775], the MTU and the SLLA Options [RFC4861] that 498 can only be found in the RA messages. Considering that these options 499 are useful for a joining node, the recommendation would be to 500 associate the RA messages to the join beacon, and make them rare when 501 the network is stable. On the other hand, the DIO message is to be 502 used as the propagated heartbeat of the RPL network and provide the 503 sense of time and liveliness. 505 RAs should also be issued and the information therein propagated when 506 a change occurs in the information therein, such as a router or a 507 prefix lifetime. 509 5.3. RPL DODAG Information Object (DIO) 511 If the RPL root serves as 6LBR, it makes sense to add at least a bit 512 of information in the DIO to signal so. A Registrar Address Option 513 (RAO) may also be considered for addition. 515 5.4. ND Enhanced Address Registration Option (EARO) 517 This option is designed to be used with standard NS and NA messages 518 between backbone Routers as well as between nodes and 6LRs over the 519 LLN and between the 6LBR and the 6BBR over whatever IP link they use 520 to communicate. 522 0 1 2 3 523 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 524 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 525 | Type | Length | Status | RPLInstanceID | 526 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 527 |Res|P|N| IDS |T| TID | Registration Lifetime | 528 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 529 | | 530 ~ Unique Interface Identifier (variable length) ~ 531 | | 532 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 534 The representation above is based on [I-D.chakrabarti-nordmark-6man- 535 efficient-nd]. Only the proposed changes from that specification are 536 discussed below but the expectation is that 6LoWPAN ND and Efficient 537 ND converge on the ARO format. 539 Status: 8-bit integer. A new value of 3 is suggested to indicate a 540 rejection due to an obsolete TID, typically an indication of a 541 movement. 543 RPLInstanceID: 8-bit integer. This field is set to 0 when unused. 544 Otherwise it contains the RPLInstanceID for which this address is 545 registered, as specified in RPL [RFC6550], and discussed in 546 particular in section 3.1.2. 548 P: One bit flag. Indicates that the address is to be redistributed 549 to obtain reachability, e.g. into the RPL protocol, or for ND 550 proxy operation. 552 N: One bit flag. Set if the device moved. If not set, the 6BBR will 553 refrain from sending gratuitous NA(O) or other form of distributed 554 ND cache clean-up over the backbone. For instance, the flag 555 should be reset after the DAD operation upon address formation. 557 6. Security Considerations 559 This specification expects that the link layer is sufficiently 560 protected, either by means of physical or IP security for the 561 Backbone Link or MAC sublayer cryptography. In particular, it is 562 expected that the LLN MAC provides secure unicast to/from the 563 Backbone Router and secure broadcast from the Backbone Router in a 564 way that prevents tempering with or replaying the RA messages. 566 The use of EUI-64 for forming the Interface ID in the link local 567 address prevents the usage of Secure ND ([RFC3971] and [RFC3972]) and 568 address privacy techniques. Considering the envisioned deployments 569 and the MAC layer security applied, this is not considered an issue 570 at this time. It is envisioned that the device could form a single 571 CGA-based Unique Interface ID (CUID) to securely bind all of its 572 addresses. The CUID would be used as Unique Interface Identifier in 573 the ARO option and the Secure ND procedures would be changed to use 574 it as opposed to the source IPv6 address. 576 7. IANA Considerations 578 A new type is requested for an ND option. 580 8. Acknowledgments 582 Samita, Erik, JP, Eric, Thomas, you will all recognize your influence 583 in this work... 585 9. References 587 9.1. Normative References 589 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 590 Requirement Levels", BCP 14, RFC 2119, March 1997. 592 [RFC2460] Deering, S.E. and R.M. Hinden, "Internet Protocol, Version 593 6 (IPv6) Specification", RFC 2460, December 1998. 595 [RFC3775] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support 596 in IPv6", RFC 3775, June 2004. 598 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 599 Architecture", RFC 4291, February 2006. 601 [RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD) 602 for IPv6", RFC 4429, April 2006. 604 [RFC4443] Conta, A., Deering, S. and M. Gupta, "Internet Control 605 Message Protocol (ICMPv6) for the Internet Protocol 606 Version 6 (IPv6) Specification", RFC 4443, March 2006. 608 [RFC4861] Narten, T., Nordmark, E., Simpson, W. and H. Soliman, 609 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 610 September 2007. 612 [RFC4862] Thomson, S., Narten, T. and T. Jinmei, "IPv6 Stateless 613 Address Autoconfiguration", RFC 4862, September 2007. 615 [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J. and D. Culler, 616 "Transmission of IPv6 Packets over IEEE 802.15.4 617 Networks", RFC 4944, September 2007. 619 [RFC6275] Perkins, C., Johnson, D. and J. Arkko, "Mobility Support 620 in IPv6", RFC 6275, July 2011. 622 [RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6 623 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, 624 September 2011. 626 [RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., 627 Levis, P., Pister, K., Struik, R., Vasseur, JP. and R. 628 Alexander, "RPL: IPv6 Routing Protocol for Low-Power and 629 Lossy Networks", RFC 6550, March 2012. 631 [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E. and C. Bormann, 632 "Neighbor Discovery Optimization for IPv6 over Low-Power 633 Wireless Personal Area Networks (6LoWPANs)", RFC 6775, 634 November 2012. 636 [RFC6830] Farinacci, D., Fuller, V., Meyer, D. and D. Lewis, "The 637 Locator/ID Separation Protocol (LISP)", RFC 6830, January 638 2013. 640 9.2. Informative References 642 [I-D.brandt-6man-lowpanz] 643 Brandt, A. and J. Buron, "Transmission of IPv6 packets 644 over ITU-T G.9959 Networks", Internet-Draft draft-brandt- 645 6man-lowpanz-02, June 2013. 647 [I-D.chakrabarti-nordmark-6man-efficient-nd] 648 Chakrabarti, S., Nordmark, E., Thubert, P. and M. 649 Wasserman, "Wired and Wireless IPv6 Neighbor Discovery 650 Optimizations", Internet-Draft draft-chakrabarti-nordmark- 651 6man-efficient-nd-04, October 2013. 653 [I-D.hong-6lo-ipv6-over-nfc] 654 Hong, Y., Choi, Y., Youn, J., Kim, D. and J. Choi, 655 "Transmission of IPv6 Packets over Near Field 656 Communication", Internet-Draft draft-hong-6lo-ipv6-over- 657 nfc-01, August 2014. 659 [I-D.ietf-6lo-btle] 660 Nieminen, J., Savolainen, T., Isomaki, M., Patil, B., 661 Shelby, Z. and C. Gomez, "Transmission of IPv6 Packets 662 over BLUETOOTH(R) Low Energy", Internet-Draft draft-ietf- 663 6lo-btle-02, June 2014. 665 [I-D.ietf-6man-6lobac] 666 Lynn, K., Martocci, J., Neilson, C. and S. Donaldson, 667 "Transmission of IPv6 over MS/TP Networks", Internet-Draft 668 draft-ietf-6man-6lobac-01, March 2012. 670 [I-D.ietf-6tisch-architecture] 671 Thubert, P., Watteyne, T. and R. Assimiti, "An 672 Architecture for IPv6 over the TSCH mode of IEEE 673 802.15.4e", Internet-Draft draft-ietf-6tisch- 674 architecture-01, February 2014. 676 [I-D.ietf-6tisch-terminology] 677 Palattella, M., Thubert, P., Watteyne, T. and Q. Wang, 678 "Terminology in IPv6 over the TSCH mode of IEEE 679 802.15.4e", Internet-Draft draft-ietf-6tisch- 680 terminology-00, November 2013. 682 [I-D.ietf-roll-terminology] 683 Vasseur, J., "Terms used in Routing for Low power And 684 Lossy Networks", Internet-Draft draft-ietf-roll- 685 terminology-13, October 2013. 687 [I-D.mariager-6lowpan-v6over-dect-ule] 688 Mariager, P., Petersen, J. and Z. Shelby, "Transmission of 689 IPv6 Packets over DECT Ultra Low Energy", Internet-Draft 690 draft-mariager-6lowpan-v6over-dect-ule-03, July 2013. 692 [I-D.popa-6lo-6loplc-ipv6-over-ieee19012-networks] 693 Popa, D. and J. Hui, "6LoPLC: Transmission of IPv6 Packets 694 over IEEE 1901.2 Narrowband Powerline Communication 695 Networks", Internet-Draft draft-popa-6lo-6loplc-ipv6-over- 696 ieee19012-networks-00, March 2014. 698 [RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A. and P. 699 Thubert, "Network Mobility (NEMO) Basic Support Protocol", 700 RFC 3963, January 2005. 702 [RFC3971] Arkko, J., Kempf, J., Zill, B. and P. Nikander, "SEcure 703 Neighbor Discovery (SEND)", RFC 3971, March 2005. 705 [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", 706 RFC 3972, March 2005. 708 [RFC4389] Thaler, D., Talwar, M. and C. Patel, "Neighbor Discovery 709 Proxies (ND Proxy)", RFC 4389, April 2006. 711 [RFC4919] Kushalnagar, N., Montenegro, G. and C. Schumacher, "IPv6 712 over Low-Power Wireless Personal Area Networks (6LoWPANs): 713 Overview, Assumptions, Problem Statement, and Goals", RFC 714 4919, August 2007. 716 Author's Address 718 Pascal Thubert, editor 719 Cisco Systems, Inc 720 Building D 721 45 Allee des Ormes - BP1200 722 MOUGINS - Sophia Antipolis, 06254 723 FRANCE 725 Phone: +33 497 23 26 34 726 Email: pthubert@cisco.com